Description
Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge.
Published: 2026-05-20
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A Cross‑Site Request Forgery flaw in InfoScale Operations Manager (VIOM) version 9.1.3 enables an attacker to trick an authenticated user who has an active session into clicking a crafted link. The action performed by that malicious link causes the web application to process an unintended state‑changing request, leading to unauthorized changes to the system’s configuration or data.

Affected Systems

The affected product is InfoScale Operations Manager (VIOM) v.9.1.3. No other vendors or versions are listed in the CVE data.

Risk and Exploitability

The CVE has a CVSS base score of 8.8, indicating a high severity level. No EPSS score is available, and the CVE is not listed in the CISA KEV catalog. Because exploitation requires an authenticated user with an active session, the attack likely depends on user interaction (the victim clicking a malicious link). The lack of exposure metrics makes precise risk assessment difficult, but CSRF is a well-known weakness that can compromise data integrity if mitigations are not in place.

Generated by OpenCVE AI on May 20, 2026 at 20:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor‑issued patch for VIOM that addresses the CSRF vulnerability.
  • Configure the web application to require and validate a CSRF token for all state‑changing HTTP requests and reject any request lacking a valid token.
  • Enforce same-origin policies and enable secure cookie attributes (HttpOnly, Secure, SameSite) to limit token theft and, with SameSite, to keep the session cookie from being sent on cross-site requests.
  • Provide user awareness training so users recognize and avoid clicking suspicious links.



Advisories

No advisories yet.

History

Wed, 20 May 2026 21:00:00 +0000

Type Values Removed Values Added
Title InfoScale Operations Manager CSRF Vulnerability

Wed, 20 May 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 20 May 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Veritas
Veritas infoscale Operations Manager
Vendors & Products Veritas
Veritas infoscale Operations Manager

Wed, 20 May 2026 17:45:00 +0000

Type Values Removed Values Added
Title InfoScale Operations Manager CSRF Vulnerability
Weaknesses CWE-352

Wed, 20 May 2026 16:45:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force the user with an active session into clicking a malicious HTML link, which triggers unintended modifications on VIOM web application without the user's knowledge.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-20T18:12:23.459Z

Reserved: 2026-05-08T00:00:00.000Z

Link: CVE-2026-44925

Vulnrichment

Updated: 2026-05-20T18:11:39.235Z

NVD

Status: Awaiting Analysis

Published: 2026-05-20T17:16:24.240

Modified: 2026-05-20T20:16:40.353

Link: CVE-2026-44925

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-20T20:45:03Z

Weaknesses